Expert Comments On Astaroth Malware

By ISBuzz Team
Writer, Information Security Buzz | May 13, 2020 02:56 am PST

Over the past year, the Astaroth infostealer trojan has evolved into one of today’s stealthiest malware strains, containing a slew of anti-analysis and anti-sandbox checks to prevent security researchers from detecting and analysing its operations. The malware has historically targeted Brazilian users ever since it was first spotted in the wild in September 2018.

IBM researchers were the first ones to detect and analyse the malware, followed by Cybereason, and then Microsoft, which analysed its evolution across two separate blog posts, in July 2019 and March 2020.

Astaroth now uses YouTube channel descriptions to hide the URL for its command and control (C2) servers.

Niamh Muldoon, Senior Director of Trust and Security, EMEA
May 13, 2020 10:57 am

The return of this stealthy malware, Astaroth, is concerning. At the moment this trojan is only active in Brazil, but if this method of concealing server URLs on YouTube spreads globally, there could be serious numbers of infections. Any malware with the capability of infecting computers to collect data to be sold online is very worrying. In order to prevent attackers infiltrating deeper, both organisations and consumers alike need to implement MFA; hard tokens, biometrics or one-time passwords prevent 99.9% of account takeovers.

Last edited 3 years ago by Niamh Muldoon
